CLAIMS 



What is claimed is: 



1 1 . A system for proactive forced renewal of content protection 

2 implementations in devices comprising: 

3 a key generation facility to generate and allocate keys for the devices, and 

4 to generate revocation data corresponding to revoked keys, the revoked keys 

5 being revoked in response to at least one of a security compromise and on a 

6 periodic basis independent of a security compromise; and 

7 a device manufacturer to receive the keys from the key generation facility, 

8 to embed the keys in content protection implementations for the devices, to 

9 distribute the devices, and to renew the content protection implementations in 

10 devices after the devices are distributed, the renewal occurring in response to at 

1 1 least one of a security compromise and on a periodic basis independent of a 

1 2 security compromise. 
13 

1 2. The system of claim 1 , further comprising a content provider to receive 

2 the revocation data from the key generation facility, and to communicate the 

3 revocation data to the devices. 
4 

1 3. The system of claim 1 , wherein the device manufacturer receives the 

2 revocation data from the key generation facility, and communicates the 

3 revocation data to the devices. 
4 

1 4. The system of claim 1 , wherein generation of the revocation data and 

2 renewal of the content protection implementations in the devices are performed 

3 at the same frequency. 
4 

1 5. The system of claim 1 , wherein each device processes the revocation 

2 data prior to allowing access to protected content. 
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3 

1 6. The system of claim 1 , wherein the revocation data comprises a range 

2 of key IDs for revoked keys. 
3 

1 7. The system of claim 1, wherein the revocation data comprises a block 

2 of data encrypted by selected keys in a group of keys so that only non-revoked 

3 keys in the key group can be used successfully to process the data and thereby 

4 gain access to the content. 
5 

1 8. The system of claim 1 , wherein the devices comprise consumer 

2 electronics devices for accessing protected content. 
3 

1 9. The system of claim 1 , wherein the device manufacturer renews the 

2 content protection implementations in the devices prior to the distribution of 

3 corresponding revocation data by a selected amount of time. 
4 

1 10. The system of claim 3 wherein the device manufacturer 

2 communicates the revocation data to newly manufactured devices and to 

3 previously distributed devices. 
4 

1 11. The system of claim 1 , wherein the key generation facility sends the 

2 revocation data to a storage media manufacturer for communication of the 

3 revocation data onto at least one of blank media and pre-recorded media, the 

4 media being readable by the devices. 
5 

1 12. The system of claim 1 , wherein the key generation facility sends the 

2 revocation data to a broadcaster for communication of the revocation data into 

3 broadcast content for reception by the devices. 
4 

1 1 3. The system of claim 1 , wherein the devices comprise software- 

2 implemented player applications for accessing protected content. 
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1 14. A method comprising: 

2 receiving keys from a key generation facility; 

3 embedding the keys in a content protection implementation for a plurality 

4 of devices; 

5 distributing the devices; and 

6 renewing the content protection implementations in the devices after the 

7 devices are distributed, the renewal occurring in response to at least one of a 

8 security compromise and on a periodic basis independent of a security 

9 compromise. 
10 

1 15. The method of claim 14, further comprising periodically receiving 

2 revocation data from the key generation facility; and 

3 communicating the revocation data to newly manufactured devices. 
4 

1 16. The method of claim 15, wherein periodically receiving the revocation 

2 data and renewing the content protection implementations in the devices are 

3 performed at the same frequency. 
4 

1 17. The method of claim 15, wherein the revocation data comprises a 

2 range of key IDs for revoked keys. 
3 

1 18. The method of claim 15, wherein renewing the content protection 

2 implementations in the devices occurs prior to communicating the revocation 

3 data to previously distributed devices by a selected amount of time. 
4 

1 19. The method of claim 14, wherein the devices comprise software- 

2 implemented player applications for accessing protected content. 
3 

1 20. The method of claim 15, wherein each device processes the 

2 revocation data prior to allowing access to protected content. 
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1 21 . An article comprising: a storage medium having a plurality of machine 

2 readable instructions, wherein when the instructions are executed by a 

3 processor, the instructions provide for receiving keys from a key generation 

4 facility, embedding the keys in content protection implementations for a plurality 

5 of devices, distributing the devices, and renewing the content protection 

6 implementations in the devices after the devices are distributed, the renewal 

7 occurring in response to at least one of a security compromise and on a periodic 

8 basis independent of a security compromise. 
9 



1 22. The article of claim 21 , further comprising instructions for periodically 

2 receiving revocation data from the key generation facility, and communicating the 

3 revocation data to newly manufactured devices. 
4 

1 23. The article of claim 22, wherein instructions for periodically receiving 

2 the revocation data and periodically renewing the content protection 

3 implementations in the devices are performed at the same frequency. 
4 

1 24. The article of claim 22, wherein the revocation data comprises a 

2 range of key IDs for revoked keys. 
3 

1 25. The article of claim 22, wherein renewing the content protection 

2 implementations in the devices occurs prior to communicating the revocation 

3 data into previously distributed devices. 
1 
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